27C3 - Version 1.6.3
27th Chaos Communication Congress
We come in peace
Referenten | |
---|---|
Karsten Nohl | |
Sylvain Munaut |
Programm | |
---|---|
Tag | Day 2 - 2010-12-28 |
Raum | Saal 1 |
Beginn | 14:00 |
Dauer | 01:00 |
Info | |
ID | 4208 |
Veranstaltungstyp | Vortrag |
Track | Hacking |
Sprache der Veranstaltung | englisch |
Feedback | |
---|---|
Haben Sie diese Veranstaltung besucht? Feedback abgeben |
Wideband GSM Sniffing
GSM is still the most widely used security technology in the world with a user base of 5 billion and a quickly growing number of critical applications. 26C3's rainbow table attack on GSM's A5/1 encryption convinced many users that GSM calls should be considered unprotected. The network operators, however, have not woken up to the threat yet. Perhaps the new capabilities to be unleashed this year – like wide-band sniffing and real-time signal processing – will wake them up.
Now that GSM A5/1 encryption can be cracked in seconds, the complexity of wireless phone snooping moved to signal processing. Since GSM hops over a multitude of channels, a large chunk of radio spectrum needs to be analyzed, for example with USRPs, and decoded before storage or decoding. We demonstrate how this high bandwidth task can be achieved with cheap programmable phones.